Not able to set the container securityContext #3964
Comments
Hi @andreasgeisslerdt. The setting in question,
Hi @andreasgeisslerdt! Can you provide some additional clarification around your specific use-case? More specifically, I am trying to better understand the behavior you are looking for by explicitly providing the I am curious, because if you look at CPK's default

```
$ kubectl get pod hippo-pgbouncer-566584db88-jbzzj -n postgres-operator -o yaml
...
    name: pgbouncer
    ports:
    - containerPort: 5432
      name: pgbouncer
      protocol: TCP
    resources: {}
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL
...
    name: pgbouncer-config
    resources: {}
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL
...
```

As a result, it shouldn't be necessary to explicitly drop any additional capabilities (e.g.
Hi @andrewlecuyer, the issue is that in some environments it is required to define much stricter rules within the securityContext setting. In that case it is necessary to be able to adjust the default settings. In this case, drop CAP_NET_RAW.
The background is that we need to fulfill certain security requirements to deploy our software to production.
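
The point made earlier in the thread, that a container which already drops `ALL` has no `NET_RAW` left to drop unless it is added back, can be checked against a pod's JSON. This is an added example, not code from the issue or from the operator; the pod document is constructed from the values quoted in the thread, and the function names `capability_removed` and `audit_pod` are hypothetical.

```python
import json

# Constructed sample: trimmed pod JSON shaped like `kubectl get pod -o json`,
# using the container names and securityContext values quoted in the thread.
SAMPLE_POD = json.loads("""
{"spec": {"containers": [
  {"name": "pgbouncer", "securityContext":
     {"allowPrivilegeEscalation": false, "capabilities": {"drop": ["ALL"]}}},
  {"name": "pgbouncer-config", "securityContext":
     {"allowPrivilegeEscalation": false, "capabilities": {"drop": ["ALL"]}}}
]}}
""")


def _norm(cap):
    """Normalize 'CAP_NET_RAW' / 'net_raw' to 'NET_RAW' for comparison."""
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap


def capability_removed(container, cap):
    """True if `cap` is dropped (explicitly or via ALL) and not added back."""
    caps = (container.get("securityContext") or {}).get("capabilities") or {}
    drop = {_norm(c) for c in caps.get("drop") or []}
    add = {_norm(c) for c in caps.get("add") or []}
    want = _norm(cap)
    dropped = "ALL" in drop or want in drop
    readded = "ALL" in add or want in add
    return dropped and not readded


def audit_pod(pod, required_drops=("NET_RAW",)):
    """Return {container name: [findings]}; an empty list means compliant."""
    report = {}
    spec = pod.get("spec", {})
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext") or {}
        findings = [f"{cap} not dropped" for cap in required_drops
                    if not capability_removed(c, cap)]
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append("allowPrivilegeEscalation not false")
        report[c["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_pod(SAMPLE_POD).items():
        print(name, "OK" if not findings else findings)
```

A policy scanner that matches only the literal string `NET_RAW` in `drop` would still flag these containers, which is the situation the reporter describes.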
Overview
I would like to update the container securityContext of the pgBouncer.
According to the CRD (https://access.crunchydata.com/documentation/postgres-operator/latest/references/crd/5.5.x/postgrescluster#postgresclusterspecproxypgbouncercontainersindex) I set it like:
but the pgbouncer pods are not changed.
Environment
Please provide the following details:
Kubernetes
1.29.1
ubi8-5.5.0-0
16
hostpath, nfs, or the name of your storage class
Steps to Reproduce
REPRO
Provide steps to get to the error condition:
EXPECTED
ACTUAL